IP: 185.39.19.48 (Medium, Signal 99/100)
Location: Mottram in Longdendale, England
ASN: AS48207 (Prime LLC)
First Seen: Jun 19, 2025 (358d ago)
Last Seen: May 22, 2026 (21d ago)
Reports: 13 source reports
Confidence: 99% (medium)
VirusTotal: 3/91 detections
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Network Information
Country: Russian Federation
Region: Mottram in Longdendale, England
ASN: AS48207
Organization: Prime LLC
IP Category: Proxy (proxy server), VPN (VPN exit node)
Feed Intelligence Summary
13 source reports · 99% confidence score
Category tags
abuse, active scan, active scanning, adbhoney activity, adbhoney exploits, adbhoney honeypot, attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, brute_force, c2 communication, c2 server, cisco device, cisco device targeting, cisco exploit attempts, cisco exploitation attempts, cisco_exploit, command & control, command and control, communication protocol, compromised credentials, compromised host, compromised hosts, connected devices, conpot honeypot, cowrie activity, cowrie capture, cowrie honeypot, cowrie ssh attacks, cowrie_attack, credential access, credential harvesting, credential stuffing, credential_access, data exfiltration, data store exposure, data theft, database attack, database enumeration, database security, ddos, ddos attack, decoy system, denial of service, device management, dionaea activity, dionaea capture, dionaea honeypot, dionaea malware collection, dionaea malware detection, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, europe, europe/asia, exploit attempt, exploit probing, exploitation activity, exploitation attempts, exploitation of vulnerability, exploited host, finland, france, ftp brute force, ftp brute-force, gb, germany, hacking, heralding activity, herolding attacks, honeynet connect, honeytrap honeypot, http brute force, ics security, identity & access exploitation, industrial control systems, industrial iot, initial access, initial_access, injection activity, internet of things, ioc, iot analytics, iot applications, iot platforms, iot security, iot/ics attack, ipphoney honeypot, lamp, lamp attacks, lamp exploit attempts, lamp exploitation attempts, lamp stack targeting, lamp_exploit, lateral movement, lateral movement attempt, login attempt, mailoney honeypot, malicious activity, malicious email activity, malicious software, malicious software targeting, malicious traffic, malware, malware behaviour, malware capture, malware distribution, network, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network scanning, network security, network service scanning, network traffic analysis, north america, open proxy, password attack, password attacks, phishing, phishing attack, phishing trap, ping of death, poland, possible credential reuse, possible malware infection, possible malware probing, process injection, protocol abuse, protocol exploitation, proxy, reconnaissance, redis honeypot, redishoneypot activity, remote access, remote access attempts, remote services, researched, resource hijacking, russia, scanner, scanning activity, scripting attacks, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer sip attacks, service scan, sftp access attempt, sftp access attempts, sftp attack, sftp attacks, sftp_attack, sip attacks, sip brute force, sip heralding, sip scanning, sip vulnerability probing, sip vulnerability scan, sip_attack, smart devices, smb brute force, smtp brute force, smtp scanning, social engineering, spam, ssh attack, ssh attacks, ssh monitoring, ssh_bruteforce, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunications, telnet scanning, telnet threat, threat actor, threat detection, threat intelligence, tor node, udp scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, united kingdom, united states, voip, voip attack, vpn, vpn ip, vulnerability scan, web app attack, web application attack, web application scanning, web attack, web exploitation, web spam
Activity Timeline: May 22
Threat Activity Heatmap · Peak: 2026-05-22
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: High Risk (Signal Score 99)
Geolocation: RU
Coords: 55.7386, 37.6068
WHOIS
- description
- 2025-07-05T14:24:04.731Z Honeypot : Tanner : Source: 185.39.19.48 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': '2e125a9b-a54b-4c24-a0b1-b52c9afc00b4', 'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}}}}
- raw
    inetnum: 185.39.19.0 - 185.39.19.254
    netname: RU-PRIME-20250103
    country: RU
    org: ORG-PL579-RIPE
    tech-c: PL15005-RIPE
    admin-c: PL15005-RIPE
    status: ASSIGNED PA
    mnt-by: IP-RIPE
    created: 2025-01-03T19:12:16Z
    last-modified: 2025-03-11T08:54:04Z
    source: RIPE

    organisation: ORG-PL579-RIPE
    org-name: Prime LLC
    country: RU
    org-type: LIR
    address: Maliy Konushkovskiy per., d. 2, pomesh. 196
    address: 123242
    address: Moscow
    address: RUSSIAN FEDERATION
    phone: +7 (495) 132-63-05
    admin-c: PL15005-RIPE
    tech-c: PL15005-RIPE
    abuse-c: AR77862-RIPE
    mnt-ref: lir-ru-prime-1-MNT
    mnt-ref: IP-RIPE
    mnt-by: RIPE-NCC-HM-MNT
    mnt-by: lir-ru-prime-1-MNT
    created: 2025-03-10T13:30:34Z
    last-modified: 2025-03-11T08:47:44Z
    source: RIPE # Filtered

    role: Prime LLC
    address: RUSSIAN FEDERATION
    address: Moscow
    address: 123242
    address: Maliy Konushkovskiy per., d. 2, pomesh. 196
    phone: +7 (495) 132-63-05
    nic-hdl: PL15005-RIPE
    mnt-by: lir-ru-prime-1-MNT
    created: 2025-03-10T13:30:33Z
    last-modified: 2025-03-10T13:30:34Z
    source: RIPE # Filtered

    route: 185.39.19.0/24
    origin: AS213021
    mnt-by: IP-RIPE
    created: 2025-05-16T17:21:49Z
    last-modified: 2025-05-16T17:21:49Z
    source: RIPE

    route: 185.39.19.0/24
    origin: AS216341
    mnt-by: IP-RIPE
    created: 2025-06-01T08:56:08Z
    last-modified: 2025-06-01T08:56:08Z
    source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 11 months ago · Last seen 21 days ago
Appeared in 13 threat reports